{"id":"https://openalex.org/W4416549466","doi":"https://doi.org/10.1145/3719027.3765064","title":"AgentSentinel: An End-to-End and Real-Time Security Defense Framework for Computer-Use Agents","display_name":"AgentSentinel: An End-to-End and Real-Time Security Defense Framework for Computer-Use Agents","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549466","doi":"https://doi.org/10.1145/3719027.3765064"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765064","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765064","pdf_url":null,"source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3719027.3765064","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102287894","display_name":"Hu Haitao","orcid":"https://orcid.org/0009-0009-6803-0314"},"institutions":[{"id":"https://openalex.org/I30809798","display_name":"ShanghaiTech University","ror":"https://ror.org/030bhh786","country_code":"CN","type":"education","lineage":["https://openalex.org/I30809798"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Haitao Hu","raw_affiliation_strings":["ShanghaiTech University, Shanghai, China"],"raw_orcid":"https://orcid.org/0009-0009-6803-0314","affiliations":[{"raw_affiliation_string":"ShanghaiTech University, Shanghai, China","institution_ids":["https://openalex.org/I30809798"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103072314","display_name":"Peng Chen","orcid":"https://orcid.org/0009-0005-7482-1359"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Peng Chen","raw_affiliation_strings":["Independent Researcher, Shanghai, China"],"raw_orcid":"https://orcid.org/0009-0005-7482-1359","affiliations":[{"raw_affiliation_string":"Independent Researcher, Shanghai, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yanpeng Zhao","orcid":"https://orcid.org/0000-0002-1048-7030"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yanpeng Zhao","raw_affiliation_strings":["Independent Researcher, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-1048-7030","affiliations":[{"raw_affiliation_string":"Independent Researcher, Beijing, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026181425","display_name":"Yuqi Chen","orcid":"https://orcid.org/0000-0003-2988-6012"},"institutions":[{"id":"https://openalex.org/I30809798","display_name":"ShanghaiTech University","ror":"https://ror.org/030bhh786","country_code":"CN","type":"education","lineage":["https://openalex.org/I30809798"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuqi Chen","raw_affiliation_strings":["ShanghaiTech University, Shanghai, China"],"raw_orcid":"https://orcid.org/0000-0003-2988-6012","affiliations":[{"raw_affiliation_string":"ShanghaiTech University, Shanghai, China","institution_ids":["https://openalex.org/I30809798"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5102287894"],"corresponding_institution_ids":["https://openalex.org/I30809798"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.18448274,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"3535","last_page":"3549"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.3808000087738037,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.3808000087738037,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.18279999494552612,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.12200000137090683,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.6104999780654907},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.5726000070571899},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5647000074386597},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5586000084877014},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5131000280380249},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.46700000762939453},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4507000148296356},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.4343999922275543},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.37279999256134033}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7106000185012817},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7093999981880188},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.6104999780654907},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.5726000070571899},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5647000074386597},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5586000084877014},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5131000280380249},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.46700000762939453},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4507000148296356},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.4343999922275543},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.37279999256134033},{"id":"https://openalex.org/C2776889888","wikidata":"https://www.wikidata.org/wiki/Q1135789","display_name":"Unintended consequences","level":2,"score":0.36419999599456787},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3395000100135803},{"id":"https://openalex.org/C2776505523","wikidata":"https://www.wikidata.org/wiki/Q4785468","display_name":"Plan (archaeology)","level":2,"score":0.3330000042915344},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.33090001344680786},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3285999894142151},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.32580000162124634},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.311599999666214},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.3025999963283539},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2913999855518341},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.2851000130176544},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.2727999985218048},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.26499998569488525},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.2606000006198883}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3765064","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765064","pdf_url":null,"source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3719027.3765064","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765064","pdf_url":null,"source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":4,"referenced_works":["https://openalex.org/W4388886073","https://openalex.org/W4402157666","https://openalex.org/W4404534210","https://openalex.org/W4405181744"],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"have":[4],"been":[5],"increasingly":[6],"integrated":[7],"into":[8],"computer-use":[9,79],"agents,":[10],"which":[11],"can":[12],"autonomously":[13],"operate":[14],"tools":[15],"on":[16,99,171],"a":[17,78,100,115,126,150,165],"user's":[18,101],"computer":[19],"to":[20,26,46,94],"accomplish":[21],"complex":[22],"tasks.":[23],"However,":[24],"due":[25],"the":[27,132],"inherently":[28],"unstable":[29],"and":[30,67,111],"unpredictable":[31],"nature":[32],"of":[33,77,153,186],"LLM":[34],"outputs,":[35],"they":[36],"may":[37],"issue":[38],"unintended":[39],"tool":[40,59],"commands":[41],"or":[42],"incorrect":[43],"inputs,":[44],"leading":[45],"potentially":[47],"harmful":[48],"operations.":[49],"Unlike":[50],"traditional":[51],"security":[52,69,97,117,122],"risks":[53],"stemming":[54],"from":[55,62],"insecure":[56],"user":[57],"prompts,":[58],"execution":[60,113],"results":[61],"LLM-driven":[63],"decisions":[64],"introduce":[65],"new":[66],"unique":[68],"challenges.":[70],"These":[71],"vulnerabilities":[72],"span":[73],"across":[74,158],"all":[75,105,190],"components":[76],"agent.":[80],"To":[81,143],"mitigate":[82,95],"these":[83],"risks,":[84],"we":[85,147],"propose":[86],"AgentSentinel,":[87,146],"an":[88,181],"end-to-end,":[89],"real-time":[90],"defense":[91,183],"framework":[92],"designed":[93],"potential":[96],"threats":[98],"computer.":[102],"AgentSentinel":[103,179],"intercepts":[104],"sensitive":[106],"operations":[107],"within":[108],"agent-related":[109],"services":[110],"halts":[112],"until":[114],"comprehensive":[116],"audit":[118],"is":[119],"completed.":[120],"Our":[121,175],"auditing":[123],"mechanism":[124],"introduces":[125],"novel":[127],"inspection":[128],"process":[129],"that":[130,178],"correlates":[131],"current":[133],"task":[134,141],"context":[135],"with":[136],"system":[137],"traces":[138],"generated":[139],"during":[140],"execution.":[142],"thoroughly":[144],"evaluate":[145],"present":[148],"BadComputerUse,":[149],"benchmark":[151,163],"consisting":[152],"60":[154],"diverse":[155],"attack":[156,160,168],"scenarios":[157],"six":[159],"categories.":[161],"The":[162],"demonstrates":[164],"87%":[166],"average":[167,182],"success":[169,184],"rate":[170,185],"four":[172],"state-of-the-art":[173],"LLMs.":[174],"evaluation":[176],"shows":[177],"achieves":[180],"79.6%,":[187],"significantly":[188],"outperforming":[189],"baseline":[191],"defenses.":[192]},"counts_by_year":[],"updated_date":"2025-11-28T17:06:18.966761","created_date":"2025-11-23T00:00:00"}